IN THE CLAIMS

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims: 

1. (previously presented) In a node operative within a network of a plurality of
nodes, a method for performing cryptographic-related functions, comprising:

executing an application program in a user space at the node;
receiving an input requiring cryptographic-related processing;
generating a message via the application program based on the input, the message 
representing one of a predefined set of messages for processing by one of a plurality of 
cryptographic processing components located in a kernel space within the node, each one 
of said messages being associated with a respective one of said cryptographic-related 
functions; 

transmitting the message to one of a socket handler and a call handler in kernel
space at the node to obtain a transmitted message; 

forwarding the transmitted message to a request handler at the node which 
generates a function call to the cryptographic processing component, appropriate for the 
transmitted message; and 

performing the cryptographic-related processing by the cryptographic processing 
component appropriate for the transmitted message.

2. (previously presented) The method of claim 1, wherein the cryptographic-related
processing includes at least one of:

verifying or generating a digital signature, encrypting data, decrypting data,
retrieving a digital certificate or certificate revocation list, verifying a certificate's
hierarchy, self-signed certificate processing; retrieving, verifying and storing a digital
certificate in the node; or certificate age checking.

3. (previously presented) The method of claim ?, wherein the transmitting
includes:

generating a user datagram protocol (UDP) message containing an identifier
associated with a predetermined cryptographic-related function and transmitting the UDP
message via a UDP socket to the socket handler.

4. (previously presented) The method of claim K, further comprising:

generating an output message via the application program, the output message
requiring cryptographic-related processing,

transmitting, based on the required cryptographic-related processing, one of the
pre-defined set of messages to the cryptographic processing component,

performing the cryptographic-related processing, and

outputting the processed message.

5. (previously presented) A computer-readable medium having stored thereon a
plurality of sequences of instructions that may be invoked by a plurality of predefined
messages, said instructions including sequences of instructions which, when executed by
a processor in a user space, cause said processor to perform a method comprising:

receiving an input representing one of the predefined messages;

transmitting, based on the input, a function call representing a request for
cryptographic-related processing to a cryptographic processing module executed by the
processor; and

performing the cryptographic-related processing in a kernel space;

wherein at least the receiving, the transmitting and the performing are
implemented by public key authentication infrastructure (PKAI) comprising:

user space components including a user application program, a PKAI 
control daemon, a certificate database, a PKAI operations daemon and a PKAI remote 
server daemon; and 

kernel space components including a PKAI socket handler, a PKAI call
handler and a PKAI request handler;

wherein certain of the user space components communicate with other of the user
space components and certain of the kernel space components communicate with other of
the kernel space components; and

wherein other certain of the user space components communicate with other 
certain of the kernel space components. 

6. (previously presented) The computer-readable medium of claim 5, wherein the
performing the cryptographic-related processing includes at least one of: 

verifying or generating a digital signature; encrypting or decrypting data;
retrieving a digital certificate or certificate revocation list; verifying a certificate's
hierarchy, self-signed certificate processing; retrieving, verifying and storing a digital
certificate, or certificate age checking.



7. (canceled) 



8. (original) The computer-readable medium of claim 5, wherein the input
represents a digitally signed network control message requiring verification.



9. (previously presented) A cryptographic module, comprising:
a memory configured to store a plurality of cryptographic processing programs in 
user space on a computer-readable medium, each program being invoked via one of a 
plurality of predefined messages; and 
a processor configured to: 

receive an input requiring cryptographic-related processing,
generate one of the predefined messages based on the input, 
transmit the message to the memory to invoke a first one of the 
cryptographic processing programs, and 

perform, in kernel space, the cryptographic-related processing;
wherein the module receives, generates, transmits and performs through 
infrastructure comprising: 

user space components including a user application program, a control
daemon, a certificate database, an operations daemon and a remote server daemon; and

kernel space components including a socket handler, a call handler and a
request handler;

wherein certain of the user space components communicate with other of
the user space components and certain of the kernel space components communicate with
other of the kernel space components, and

wherein other certain of the user space components communicate with
other certain of the kernel space components.

10. (previously presented) The cryptographic module of claim 9, wherein when
performing the cryptographic-related processing, the processor is configured to perform
at least one of:

verifying or generating a digital signature, encrypting data, decrypting data,
retrieving a digital certificate or certificate revocation list, verifying a certificate's
hierarchy, self-signed certificate processing; retrieving, verifying and storing a digital
certificate, or certificate age checking.

11. (original) The cryptographic module of claim 9, wherein when transmitting
the message, the processor is further configured to:

transmit a function call to the first cryptographic processing program.

Application Serial No. 09/591,708
Docket No. 00-8010

12. (original) The cryptographic module of claim 9, wherein the processor is
further configured to:

transmit the result of the cryptographic-related processing to an application
program.

13. (canceled) 

14. (previously presented) A method of performing cryptographic-related
functions in a node coupled to other nodes in a network, the node including an
application program executed in user space for handling communications with the other
nodes, the method comprising:

receiving in said node an input requiring a cryptographic-related operation; 

generating in said node a predefined message based on the input, the message 
representing one of a plurality of predefined messages usable by a cryptographic 
processing program executed by one of a plurality of cryptographic processing 
components in kernel space, each one of said messages being associated with a respective 
one of said cryptographic-related functions; 

transmitting in said node the predefined message to a socket handler in kernel 
space or a call handler in kernel space to obtain a transmitted message;

forwarding the transmitted message to a request handler within the node which
generates a function call to the cryptographic processing component appropriate for the 
transmitted message; and 

performing in said node, via the cryptographic processing program, the required
cryptographic-related operation.

15. (original) The method of claim 14, further comprising:
returning the result of the performing to the application program.

16. (previously presented) The method of claim 14, wherein the predefined
message includes at least one of:

a request for digital signature generation, a request for digital signature 
verification, a request for data encryption, a request for data decryption, a request for 
retrieval of a digital certificate, a request for retrieval of a certificate revocation list, a 
request for verification of a certificate's hierarchy, a request for self-signed certificate 
processing, or a request for certificate age checking. 

17. (previously presented) The method of claim 16, wherein the request for
digital signature generation includes a request for at least one of RSA signature
generation, secret keyed MD5 signature generation, elliptic curve signature generation or
digital signature standard signature generation.

18. (previously presented) The method of claim 16, wherein the request for
digital signature verification includes a request for at least one of RSA signature
verification, secret keyed MD5 signature verification, elliptic curve signature verification
or digital signature standard signature verification.

19. (previously presented) The method of claim 16, wherein the request for data
encryption includes a request for at least one of RSA based encryption or elliptic curve
based encryption.

20. (previously presented) The method of claim 16, wherein the request for data 
decryption includes a request for at least one of RSA based decryption or elliptic curve 
based decryption.

21. (original) The method of claim 14, wherein the performing includes:
accessing a remote server via the network to retrieve cryptographic-related
information.

22. (previously presented) A computer-readable medium that stores instructions
in user space executable by at least one processor in kernel space to perform a method for
providing cryptographic-related functions, the method comprising:

receiving in the at least one processor a first function call from a predefined list of
function calls, the predefined list of function calls representing available cryptographic-related
functions executable by the at least one processor;

generating in the at least one processor a request message based on the first
function call, the request message representing a request for processing by a
cryptographic processing module executed by the at least one processor,

transmitting in the at least one processor the request message to the cryptographic
processing module; and

performing in the at least one processor the cryptographic-related function;

wherein the receiving, the generating, the transmitting and the performing are
implemented by:

user space components including a user application program, a control
daemon, a certificate database, an operations daemon and a remote server daemon; and

kernel space components including a socket handler, a call handler and a
request handler;

wherein certain of the user space components communicate with other of the user
space components and certain of the kernel space components communicate with other of
the kernel space components; and

wherein other certain of the user space components communicate with other
certain of the kernel space components.

23. (canceled)